23andMe sued after Ashkenazi Jews’ user data is stolen and sold in targeted attack
The genetic data testing company 23andMe was the target of a hack aimed at users with Ashkenazi Jewish ancestry. (Wikimedia)
(JTA) — The genetic testing company 23andMe is facing a class action lawsuit over its security practices after hackers stole and published data about 1 million people with Jewish ancestry.
The data breach was revealed on Friday after hackers published a database titled “ashkenazi DNA Data of Celebrities” on dark web forums. Most of the people on the list are not famous, and the database includes information such as display names, sex, birth year, and some details about users’ genetic ancestry results.
The hacker from the initial leak offered to sell data profiles in bulk for $1 to $10 per account. But as many as 7 million accounts may be in the sale — half the users of 23andMe. It is unclear whether whoever compiled the Ashkenazi list — which actually has 999,999 entries — is the same as the group that put it up for sale, NBC News reported.
23andMe is treating the leak as authentic and investigating the incident. It is also requiring its users to change their passwords.
“We are taking this issue seriously and will continue our investigation to confirm these preliminary results,” the company said in a statement.
It is also unclear why the data was stolen, and whether it is solely focused on Ashkenazi Jews. (The hacker also downloaded a separate file with data on more than 300,000 users with Chinese ancestry.)
“When data is shared relating to ethnic, national, political or other groups, sometimes it’s because those groups have been specifically targeted, but sometimes it’s because the person sharing the data thinks it’ll make reputation-boosting headlines,” Brett Callow, a threat analyst at security firm Emsisoft, told Wired.
23andMe confirmed last week that its data had been compromised but said that its systems were not breached. Instead, the company believes the hackers were able to get access to recycled passwords that had already been hacked and leaked on other websites and then used that information to scrape data through 23andMe, which gives its users access to each others’ genetic information to find relatives through a popular feature called “DNA Relatives.”
“This incident really highlights the risks associated with DNA databases,” Callow said. “The fact that accounts had reportedly opted into the ‘DNA Relatives’ feature is particularly concerning as it could potentially result in extremely sensitive information becoming public.”
This article originally appeared on JTA.org.
I hope you appreciated this article. Before you go, I’d like to ask you to please support the Forward’s award-winning, nonprofit journalism during this critical time.
Now more than ever, American Jews need independent news they can trust, with reporting driven by truth, not ideology. We serve you, not any ideological agenda.
At a time when other newsrooms are closing or cutting back, the Forward has removed its paywall and invested additional resources to report on the ground from Israel and around the U.S. on the impact of the war, rising antisemitism and the protests on college campuses.
Readers like you make it all possible. Support our work by becoming a Forward Member and connect with our journalism and your community.
Make a gift of any size and become a Forward member today. You’ll support our mission to tell the American Jewish story fully and fairly.
— Rachel Fishman Feddersen, Publisher and CEO
Join our mission to tell the Jewish story fully and fairly.
